REMARKS

In view of the following discussion, the Applicants submit that none of the claims
now pending in the application is anticipated under the provisions of 35 U.S.C. § 102 or
made obvious under the provisions of 35 U.S.C. § 103. Thus, the Applicants believe
that all of these claims are now in allowable form.

I. REJECTION OF CLAIMS 1-3, 18-20 AND 35-37 UNDER 35 U.S.C. § 102

Claims 1-3, 18-20 and 35-37 stand rejected as being anticipated by the Bots et
al. patent (United States Patent No. 6,226,748, issued May 1, 2001, hereinafter "Bots").
The Applicants respectfully traverse the rejection.

Bots teaches a virtual private network (VPN) unit that serves as an endpoint of a
VPN and moderates data communications between members of the VPN. Specifically,
each site (e.g., a company headquarters, a company branch, a client site, etc.) in a VPN
is associated with a VPN unit that implements a combination of techniques (e.g.,
compression, encryption, etc.) defined for data packet handling when packets are sent
between members of the VPN. For example, a first VPN member at company
headquarters may wish to send a secure communication to a second VPN member at a
branch office. The VPN unit associated with the company headquarters will examine
the (at this point, unencrypted) communication, determine that the destination is another
VPN member, and compress, encrypt or authenticate the communication as required by
policies for the VPN. A VPN unit associated with the branch office will treat the
communication in a similar manner before delivering the communication, unencrypted,
to the second user.

The Examiner's attention is directed to the fact that Bots fails to disclose or
suggest the novel invention of a virtual private network in which a master node controls
the admission and departure of a subset of member nodes, where all communications
between the member nodes are encrypted, as claimed in Applicants' independent
claims 1, 18 and 35. Specifically, Applicants' claims 1, 18 and 35 positively recite:

1. A group management system comprising:

a plurality of interconnected nodes communicatively coupled with each other as
member nodes of a virtual private network ("VPN"), wherein all communications
between said interconnected nodes are encrypted; and

a plurality of master nodes, each of the master nodes controlling admission and
departure in the VPN for an associated non-empty subset of the member nodes.
(Emphasis added)

18. A method for managing a group, the method comprising:

providing a plurality of interconnected nodes communicatively coupled with each
other as member nodes of a virtual private network ("VPN"), wherein all
communications between said interconnected nodes are encrypted; and

providing a plurality of master nodes, each of the master nodes controlling
admission and departure in the VPN for an associated non-empty subset of the member
nodes. (Emphasis added)

35. A computer readable medium containing an executable program for managing a
group, where the program performs the steps of:

providing a plurality of interconnected nodes communicatively coupled with each
other as member nodes of a virtual private network ("VPN"), wherein all
communications between said interconnected nodes are encrypted; and

providing a plurality of master nodes, each of the master nodes controlling
admission and departure in the VPN for an associated non-empty subset of the member
nodes. (Emphasis added)

The Applicants' invention is directed to systems and methods for scalable
distributed management of virtual private networks (VPNs). The management of
encrypted group communications necessary to establish secure, private VPN
communications channels through an underlying public network infrastructure places a
variety of burdens on a VPN manager. In particular, the addition or removal of a
member from a VPN often involves the generation and distribution of one or more new
encryption keys that allow current VPN members to decrypt private communications
sent through the VPN, but prevent non-VPN members from decrypting the
communications. As VPN membership increases and changes dynamically with greater
frequency, the complexity of encryption key management becomes even more
burdensome. Thus, the VPN manager becomes a single point of failure for the entire
VPN; overload of the VPN manager can cause the entire VPN to fail. This makes the
VPN architecture very difficult and very costly to scale, which is not ideal for enterprises
relying on secure and private electronic communications.

The Applicants' invention enhances the scalability of a VPN by dividing the
member nodes of the VPN, which communicate with each other via encrypted
communications, into subsets and providing a plurality of master nodes that are each
associated with a subset of member nodes to control membership (i.e., admission and
departure) in the VPN for that subset. For example, each master node is responsible
for managing the generation and distribution of encryption keys for only its associated
subset(s), so that VPN communication and management burdens [...]
entirely on a single master node. This eliminates the single point of failure, because if
one master node fails, any one of a plurality of other master nodes is available to
assume the failed node's responsibilities. Thus, a VPN employing such an architecture
is more easily scalable than a VPN employing a more conventional architecture,
because a plurality of new member nodes may be added or admitted to the VPN
through a discrete master node.

In contrast, Bots does not teach or suggest that a VPN unit may control
membership in a VPN for a subset of interconnected nodes, where all communications
between the interconnected nodes are encrypted. The VPN units of Bots control
communications to and from associated end stations, which are not equivalent to
member nodes of a VPN. For example, only some of the communications between end
stations may be encrypted, but not all communications are necessarily encrypted.
Thus, the VPN units cannot be considered "master nodes" that control admission and
departure in a VPN for member nodes, as suggested by the Examiner. Moreover, even
if the VPN units may be considered member nodes of a VPN, they are not controlled by
master nodes. Thus, if a new VPN unit is added to the VPN (e.g., for a new company
branch), a VPN manager must alert the other VPN units to the presence of the new
VPN unit and distribute new encryption keys. Thus, Bots does [...]
scalability and key management issues that the present invention addresses by
providing a plurality of master nodes that control the admission and departure in a VPN
of a subset of interconnected member nodes, where all communications between the
interconnected nodes are encrypted.
The Examiner submits that Bots does, in fact, teach the limitation of all
communications between interconnected member nodes being encrypted. The
Applicants respectfully disagree with this assertion, however. In particular, the
Applicants submit that the portion of Bots that the Examiner cites to support this
limitation at most teaches that communications between VPN units are encrypted (see,
Bots, column 6, lines 37-52: "When a data packet is sent between source and
destination addresses that are both members of the same VPN group, the VPNU will
process the data packet from the sending side in such a way as to ensure that it is
encrypted, authenticated and optionally compressed ... The receiving VPNU will handle
the process of decrypting and authenticating the packet before forwarding it toward the
destination endstation.", emphasis added). That is, communications sent or received by
the member nodes (source and destination nodes), such as communications between
the source and its associated VPNU, or between the destination and its associated
VPNU, are not encrypted. It is only the communications between the intermediaries
(i.e., the VPNUs) that are encrypted.

Bots thus fails to teach or anticipate a system for scalably managing VPNs that
controls the admission and departure in a VPN of a subset of interconnected member
nodes, where all communications between the interconnected nodes are encrypted, as
positively claimed by the Applicants in claims 1, 18 and 35. Therefore, for at least the
reasons set forth above, the Applicants submit that independent claims 1, 18 and 35
fully satisfy the requirements of 35 U.S.C. §102 and are patentable thereunder.

Dependent claims 2-3, 19-20 and 36-37 depend from claims 1, [...]
recite additional features therefore. As such, and for at least the reasons set forth
above, the Applicants submit that claims 2-3, 19-20 and 36-37 are not anticipated by the
teachings of Bots. Therefore, the Applicants submit that dependent claims 2-3, 19-20
and 36-37 also fully satisfy the requirements of 35 U.S.C. §102 and are patentable
thereunder.

II. REJECTION OF CLAIMS 4-17, 21-34 AND 38-51 UNDER 35 U.S.C. § 103

Claims 4-17, 21-34 and 38-51 stand rejected as being unpatentable over Bots in
view of the Pandya et al. patent (United States Patent No. 6,671,724, issued December
30, 2003, hereinafter "Pandya"). The Applicants respectfully traverse the rejection.

Bots has been discussed above. Pandya teaches a system for managing
network resources in a distributed networking environment. The system includes two
main software components: a plurality of "agent" components deployed at various
network devices, and one or more "control point" components deployed throughout the
network. The agents monitor network resources, as well as the network devices with
which they are associated, for example to assess the character and quantity of network
resources that are required by the network devices. The agents report this information
to the control points, which centrally coordinate and control the deployed agents and
monitor the status of network resources. In response to monitored network conditions
and the data reported by the agents, the control points may alter the behavior of
particular agents in order to provide the required network services and resources to the
networked devices.

As discussed, Bots fails to disclose or suggest the novel invention of a virtual
private network in which a master node controls the admission and departure
of a subset of interconnected member nodes, where all communications between the
interconnected nodes are encrypted, as claimed in Applicants' amended independent
claims 1, 18 and 35, from which claims 4-17, 21-34, and 38-51 depend. Pandya does
not bridge this gap in the teachings of Bots. Bots in view of Pandya thus fails to teach
or make obvious a system for scalably managing VPNs that controls the admission and
departure in a VPN of a subset of interconnected member nodes, where all
communications between the interconnected nodes are encrypted, as positively claimed
by the Applicants in claims 1, 18 and 35. Therefore, for at least the reasons set forth
above, the Applicants submit that independent claims 1, 18 and 35 fully satisfy the
requirements of 35 U.S.C. §103 and are patentable thereunder.

Dependent claims 4-17, 21-34, and 38-51 depend from claims 1, [...]
recite additional features therefore. As such, and for at least the reasons set forth
above, the Applicants submit that claims 4-17, 21-34, and 38-51 are [...]
by the teachings of Bots in view of Pandya. Therefore, the Applicants submit that
dependent claims 4-17, 21-34, and 38-51 also fully satisfy the requirements of 35
U.S.C. §103 and are patentable thereunder.



III. CONCLUSION

Thus, the Applicants submit that all of the presented claims fully satisfy the
requirements of 35 U.S.C. §102 and 35 U.S.C. §103. Consequently, the Applicants
believe that all of the presented claims are presently in condition for allowance.
Accordingly, both reconsideration of this application and its swift passage to issue are
earnestly solicited.

If, however, the Examiner believes that there are any unresolved issues requiring
the maintenance of the final action in any of the claims now pending in the application, it
is requested that the Examiner telephone Mr. Kin-Wah Tong, Esq. at (732) 530-9404 so
that appropriate arrangements can be made for resolving such issues as expeditiously
as possible.

Respectfully submitted,

Date

Patterson & Sheridan, LLP
595 Shrewsbury Avenue
Shrewsbury, New Jersey 07702

Kin-Wah Tong, Attorney
Reg. No. 39,400
(732) 530-9404